Check Point Firewall Software Blade
The Check Point Firewall Software Blade builds on the award-winning technology first offered in Check Point’s FireWall-1 solution to provide the industry’s strongest level of gateway security and identity awareness. Check Point’s firewalls are trusted by 100% of the Fortune 100 and deployed by over 170,000 customers, and have demonstrated industry leadership and continued innovation since the introduction of FireWall-1 in 1994.
Check Point invented the stateful packet inspection technology that is utilized by virtually all firewalls today. A long-time leader in Gartner’s Enterprise Network Firewalls Magic Quadrant, Check Point is recognized by the leading analyst firm for its strong technology leadership and vision, and has won multiple awards from other analyst firms over the years. The Check Point Firewall Software Blade incorporates all of the power and capability of the revolutionary FireWall-1 solution while adding user identity awareness to provide granular event awareness and policy enforcement.
Proven gateway security with industry-leading firewall performance
- Protects over 170,000 customers and 100% of Fortune 100
- Includes patented stateful packet inspection
- Up to 40 Gbps firewall throughput with real-world traffic mix (IMIX)
User and machine identity awareness balance security and business need
- Enables granular policy definitions per user and group
- Seamless integration with Active Directory
- Ideal for protecting environments with social media and Internet applications
Integrated into Check Point Software Blade Architecture
- Centralized management, logging and reporting via a single console
- Automatic activation of Firewall Software Blade on security gateway systems
Access Control
User and Machine Awareness
User and machine awareness balances security with business needs by enabling granular policy definitions per user and group.
Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple application-based policy definition per user or group directly from the firewall.
Users’ identification may be acquired in one of three simple methods:
- Querying the active directory
- Through a caprive portal
- Installing a one-time, thin client-side agent
Authentication
Based on the industry's most advanced identity awareness, the Firewall Software Blade provides robust authentication capabilities to confirm the identity of all users and establish their rights and privileges.
The authentication component of the Firewall Software Blade offers:- Multiple and complementary methods for gaining identity awareness
- Integrated user and machine awareness functionality across the security gateway and management
Network Address Translation (NAT)
Bridge Mode
Integrated into Check Point Software Blade Architecture
Specifications
| Feature | Details |
|---|---|
| Protocol/Application Support | 500 plus protocol types |
| VoIP Protection | SIP, H.323, MGCP and SIP with NAT support |
| Network Address Translation | Static/hide NAT support with manual or automatic rules |
| DHCP Gateways | Security gateways can have dynamic IP addresses |
| VLAN | Up to 256 VLANs per interface |
| Link Aggregation | 802.3ad passive and 802.3ad active |
| Bridge Mode / Transparent Mode | Inspect traffic without interfering with the original IP routing |
| Extensive Set of Policy Objects | Individual node, networks, groups, dynamic objects |
| IP Versions | IPv4 and IPv6 |
| Fail-Safe Protections | Default filter provides protection during boot time and prior to initial policy |
| Secure Internet Communications (SIC) | Certificate-based secure communications channel among all Check Point distributed components belonging to a single management domain |
| Authentication | |
| Multiple Authentication Methods | User authentication, client authentication, session authentication |
| Local Users | Local database user store included |
| RADIUS and RADIUS Groups | Multiple servers and MS-CHAPv2, MS-PAP methods |
| LDAP and LDAP Groups | Microsoft Active Directory, Novell Directory Server, Red Hat Directory Server, OPSEC certified LDAP server |
| TACACS+ | Supported |
| RSA SecurID | Supported |
| X.509 Certificates | Supported using the included Certificate Authority or third party CAs |
| Customizable Authentication Messages | Supported |
- Products A-Z
- Appliances
- Appliances Overview
- 2200 Appliances
- 4000 Appliances
- 12000 Appliances
- 21400 Appliance
- 61000 Security System
- SecurityPower
- Power-1
- UTM-1
- Series 80
- UTM-1 Edge
- IP Appliances
- VSX-1
- DLP-1
- IPS-1
- Safe@Office
- Smart-1
- Smart-1 SmartEvent
- Integrated Appliance Solution
- IAS Bladed Hardware
- Software Blades
- Software Blades Overview
- Security Gateway
- Firewall
- IPSec VPN
- IPS
- Mobile Access
- Application Control
- Identity Awareness
- DLP
- Web Security
- URL Filtering
- Anti-Bot
- Antivirus
- Anti-Spam & Email Security
- Advanced Networking & Clustering
- Voice over IP (VoIP)
- Threat Prevention
- ThreatCloud™
- Security Management
- Network Policy Management
- Endpoint Policy Management
- Logging & Status
- SmartWorkflow
- Monitoring
- Management Portal
- User Directory
- SmartProvisioning
- SmartReporter
- SmartEvent
- Multi-Domain Security Management
- Virtualization Security
- Security Gateway Virtual Edition
- Cloud Security
- Virtual Appliance for Amazon Web Services
- Security Systems
- Security Systems Overview
- Endpoint Security
- Endpoint Security
- Full Disk Encryption
- Media Encryption
- Anti-Malware & Program Control
- Remote Access VPN
- Firewall & Compliance
- Check Point WebCheck
- Check Point GO
- Solutions
- Remote Access
- Consumer Products
- ZoneAlarm Antivirus
- ZoneAlarm ForceField
- ZoneAlarm Internet Security Suite
